Google+ User Data Exposed

Google+ Shutdown Accelerates as User Data Exposed Again

Google+ Shutdown Accelerates as User Data Exposed Again

On December 10 Google announced a bug in the Google+ API that exposed user data from 52.5 million accounts. The bug was part of a November 7 software update and had been corrected by November 13. Developers had access to compromised data for almost a week, although there is no evidence that data was misused during that time or that Google+ had been targeted by a third party.  

The announcement comes after Google’s October announcement that it would be shutting down Google+ in August 2019 after discovering a bug that exposed data from 500,000 users. That data had been exposed for three years. With this latest announcement, Google has decided to kill Google+ in April 2019, and will end API access within the next three months.  

The bug exposed Google+ profile data that the user had not made public or was only supposed to be available to authorized users. This includes information like name, age, email address and occupation. Password, financial data and other information used in identity theft were not exposed. Some of the information was the same as the information exposed in the initial bug impacting a smaller user group; however, the bugs are distinct.

Staff at Google caught the bug quickly even though they are sunsetting Google+, demonstrating they are continuing to test site security. Continued updates are likely in response to the initial security problem reported in October that contributed to the decision to shut down the product. Google has also faced a wave of privacy concerns related to other products and is improving its response time to issues overall.

Google has notified users who were impacted by the bug. While Google is moving up the termination date, it wants to give users enough time to migrate to another social platform. Users have the opportunity to download and migrate their data from their Google+ profile. Users also have the option to delete their Google+ profile now.

Not all profiles will disappear next spring; businesses will still be able to use their Google+ profiles. The security flaw also impacted these enterprise customers. Google+ launched in 2011, but their consumer version never achieved the numbers of other social networking sites and has low engagement. Meanwhile, companies have found it useful for intra-staff communication. Google announced they will be focusing on developing their Google+ product to meet the needs of their enterprise customers by building it into a secure social network.